Opened 5 years ago
Closed 5 years ago
#1616 closed defect (wontfix)
ssl_preread_alpn_protocols not safe
|Reported by:||James Callahan||Owned by:|
ssl_preread_alpn_protocols is a comma-separated list of ALPNs proposed by a client.
However, an ALPN is allowed to contain a comma. This makes it impossible to safely know if a client proposed a given ALPN.
Change History (2)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
|Status:||new → closed|
Currently there is no convenient way in nginx to check if a given value is present in a list of values. This is why we came up with the comma-separated list. As mentioned above, it is unlikely that there will be any issue with that in real life since no protocols are defined which have a comma in the name.
Another example is the openssl s_client command line tool which expects -alpn argument value as a comma-separated list as well.
Just a note, that in the current IANA "ExtensionType Values" registry of TLS ALPN Protocol IDs there are no such values.
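The ambiguity reported in this ticket, as an added example that is not part of the ticket or of nginx's code: it parses the length-prefixed ALPN ProtocolNameList from RFC 7301, models the comma-separated form with a plain join, and compares a membership test on each. All function names and both sample offers are constructed for illustration.

```python
import struct

def encode_alpn(names):
    """Build a ProtocolNameList as carried in the ALPN extension (RFC 7301)."""
    body = b"".join(bytes([len(n)]) + n for n in names)
    return struct.pack("!H", len(body)) + body

def parse_alpn(wire):
    """Return the offered protocol names, rejecting malformed input."""
    if len(wire) < 2:
        raise ValueError("truncated list length")
    (total,) = struct.unpack("!H", wire[:2])
    body = wire[2:]
    if total != len(body):
        raise ValueError("list length mismatch")
    names, i = [], 0
    while i < len(body):
        n = body[i]          # one-byte length prefix of the next name
        i += 1
        if n == 0 or i + n > len(body):
            raise ValueError("bad protocol name length")
        names.append(body[i:i + n])
        i += n
    return names

def comma_joined(names):
    """Assumed model of the comma-separated form described in the ticket."""
    return b",".join(names)

def proposed_by_split(joined, wanted):
    """Membership test available to a consumer that only sees the joined string."""
    return wanted in joined.split(b",")

def proposed_exact(wire, wanted):
    """Membership test on the length-prefixed list itself."""
    return wanted in parse_alpn(wire)

def has_ambiguous_name(wire):
    """True if any offered name contains a comma, so the joined form is unreliable."""
    return any(b"," in n for n in parse_alpn(wire))

# Constructed sample inputs: two different offers that join to the same string.
TWO_NAMES = encode_alpn([b"h2", b"http/1.1"])
ONE_NAME = encode_alpn([b"h2,http/1.1"])
```

A consumer that must rely on the joined string can use a check like `has_ambiguous_name` upstream to reject or flag offers whose names contain a comma.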